In this campaign the threat actors use a name in the 'From' field of the email aligned with the targeted organization's name. Obviously pretending to be someone else can have its advantages especially if that someone else holds a position of power or trust with regards to the receiver. This can be used in various ways by attackers. Spoofed emailĮmail spoofing basically comes down to sending emails with a false sender address. The access to the page is behind a reCAPTCHA, probably to keep out the bots, particularly any automated URL analysis tools. The javascript uses the method to redirect the target to a specially crafted phishing page.
In reality, it is an HTML file with obfuscated javascript embedded. To add credibility, the name of the attachment starts with a music note character like f.e. The email claims that you have a new voicemail and that you can listen to the message by clicking on the attachment. A phishing campaign is using voicemail notification messages to go after victims' Office 365 credentials.Īccording to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachment that contains encoded javascript.
